"The European Union is expected to implement sweeping new data privacy laws in May. Known as the General Data Protection Regulation, they will restrict how tech companies collect, store, and use personal data from people across the EU—as well as require companies to clearly explain how they plan to use personal information. Here, CIS Director of Privacy Albert Gidari explains the new regulations and how they might affect American users.
What will these new laws actually do for personal privacy? Do you expect the EU regulations to improve privacy for everyone, not just Europeans?
The GDPR applies to the personal data of EU residents, so theoretically the changes in EU law would not provide greater protections for residents of the rest of the world. But, the GDPR applies extraterritorially to those companies that process the personal data of any EU resident so the practical effect of the law is to force platforms and Internet companies around the globe to comply with GDPR requirements everywhere. The alternative would be for companies to create two separate systems and infrastructure to separate EU data, which simply isn’t practical in an interconnected world. That means people everywhere will see increased transparency about what data is collected, how it is used, to whom it is disclosed, and have the ability to limit all of the above. Even though the compliance date is around the corner, we are still waiting to see how the GDPR will be implemented in each country so people should look at this as a process that will take time. But because the fines are so great under the GDPR (up to 4% of global revenue), companies have had to anticipate compliance in many areas to be ready."